Univention Bugzilla – Bug 25830
univention-ldapsearch funktioniert nur als root
Last modified: 2019-01-03 07:23:46 CET
univention-ldapsearch ruft univention-config-registry ohne absoluten Pfad auf. Es liegt aber in /usr/sbin, was für nicht-Root-User nicht im PATH liegt.
univention-ldapsearch by default uses the host account, for which the password is stored in the file /etc/machine.secret. Since it is owned and readable by root:root only, the wrapper should be moved to /usr/sbin/ instead.
would be nice to use kerberos instead if available?
(In reply to Florian Best from comment #2) > would be nice to use kerberos instead if available? Better echo "SASL_MECH GSSAPI" >> /etc/ldap/ldap.conf and use plain "ldapsearch", "ldapmodify", "ldapwhoami"...
(In reply to Philipp Hahn from comment #3) > (In reply to Florian Best from comment #2) > > would be nice to use kerberos instead if available? > > Better > echo "SASL_MECH GSSAPI" >> /etc/ldap/ldap.conf > and use plain "ldapsearch", "ldapmodify", "ldapwhoami"... as Bug #29482 is fixed since UCS-4.1
Yes, this would be very nice :)
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.